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APPENDIX A 

Card Class File Format For Preferred Embodiment 
Introduction 

The card class file is a compressed form of the original class file(s). The card class file contains onl 
semantic information required to interpret Java programs from the original class files. The indirect 
references in the original class file are replaced with direct references resulting in a compact represi 
The card class file format is based on the following principles: 

1 . Stay close to the standard class file format: The card class file format should remain as close I 
standard class file format as possible. The Java byte codes in the class file remain unaltered. N< 
altering the byte codes ensures that the structural and static constraints on them remain verifiab 

2. Ease of implementation : The card class file format should be simple enough to appeal to Java 
Machine implemented. It must allow for different yet behaviorally equivalent implementations 

3. Feasibility: The card class file format must be compact in order to accommodate smart card 
technology. It must meet the constraints of today's technology while not losing sight of tomorrc 
innovations. 

This document is based on Chapter 4, 'The class file format", in the book titled 'The Java™ Virtua 
Machine Specification"[l], henceforth referred to as the Red book. Since the document is based on 
standard class file format described in the Red book, we only present information that is different 1 
book serves as the final authority for any clarification. 
The primary changes from the standard class file format are: 

• The constant pool is optimized to contain only 16-bit identifiers and, where possible, indirectio 
replaced by a direct reference. 

• Attributes in the original class file are eliminated or regrouped. • 

The Java Card class File Format 

This section describes the Java Card class file format. Each card class file contains one or many Jav 
where a type may be a class or an interface. 

A card class file consists of a stream of 8-bit bytes. All 16-bit, 32-bit. and 64-bit quantities are cons 
by reading in two, four, and eight consecutive 8-bit bytes, respectively. Multi-byte data jtems are al< 
stored in big-endian order, where the high bytes come first In Java, this format is supported by intei 
java.io.DataInput and java.io.DataOutput and classes such as java.io.DataInputStream and 
j ava.io.DataOutputStream. 

We define and use the same set of data types representing Java class file data: The types ul, u2, and 
represent an unsigned one-, two-, or four-byte quantity, respectively. In Java, these types may be rei 
methods such as readUnsignedByte, readUnsignedShort, and readlnt of the interface java.io.DataIn| 
The card class file format is presented using pseudo-structures written in a C-like structure notation, 
avoid confusion with the fields of Java Card Virtual Machine classes and class instances, the conten 
structures describing the card class file format are referred to as items. Unlike the fields of a C stmc 
successive items are stored in the card class file sequentially, without padding or alignment. 
Variable-sized tables, consisting of variable-sized items, are used in several class file structures. Alt 
we will use C-like array syntax to refer to table items, the fact that tables are streams of varying-size 
structures means that it is not possible to directly translate a table index into a byte offset into the tai 
Where we refer to a data structure as an array, it is literally an array. 

In order to distinguish between the card class file structure and the standard class file structure, we i 
capitalization; for example, we rename field Jnfo in the original class file to Fieldlnfo in the card cl; 



Card Class File 

A card class file contains a single CardClassFile structure: 
CardClassFile { 
ul major_version; 
ul minor_version; 
u2 name Jndex; 
u2 const_size; 
u2 max_class: 

Cplnfo constant_pool[const_size]; 
Classlnfo class(max_class]; 

} 

The items in the CardClassFile structure are as follows: 
minorjversion, major_version 

The values of the minor_version and major_version items are the minor and major version numbers < 
off-card Java Card Virtual Machine that produced this card class file. An implementation of the Java 
Virtual Machine normally supports card class files having a given major version number and minor \ 
numbers 0 through some particular minor_version. 

Only the Java Card Forum may define the meaning of card class file version numbers, 
namejndex 

The value of the namejndex item must represent a valid Java class name. The Java class name repre 
by namejndex must be exactly the same Java class name that corresponds to the main application th 
run in the card. A card class file contains several classes or interfaces that constitute the application t 
runs in the card. Since Java allows each class to contain a main method there must be a way to distinj 
the class file containing the main method which corresponds to the card application. 
const_size 

The value of const_size gives the number of entries in the card class file constant pool. A constant_p 
index is considered valid if it is greater than or equal to zero and less than const_size. 
max_class 

This value refers to the number of classes present in the card class file. Since the*hame resolution am 
linking in the Java Card are done by the off-card Java Virtual Machine all the class files or classes re 
for an application are placed together in one card class file. 
constant_poolG 

The constant _pool is a table of variable-length structures (0) representing various string constants, cl 
names, field names, and other constants that are referred to within the CardClassFile structure and its 
substructures. 

The first entry in the card class file is constant_pool[0]. * 

Each of the constant _pool table entries at indices 0 through const_size is a variable-length structure ( 

class[] 

The class is a table of max_class classes that constitute the application loaded onto the card. 

Constant Pool 

All constant_pool table entries have the following general format: 
Cplnfo { 
*ui tag; 
ui info[]; 

} 

Each item in the constant^pool table must begin with a 1-byte tag indicating the kind of cpjnfo entr 
contents of the info anray varies with the value of tag. The valid tags and their values . are the same as' 
specified in the Red book. 

Each tag byte must be followed by two or more bytes giving information about the specific constant, 
format of the additional information varies with the tag value. Currently the only tags that need to be 
included are CONSTANT_Class, CONSTANT_FieldRef, CONSTANT_MethodRef and 
CONSTANT JnterfaceRef. Support for other tags be added as they are included in the specification. 
CONSTANT_Class ^ 
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The CONST ANT JZlass Jnfo structure is used to represent a class or an interface: 
CONSTANT JZlassInfo { 
ul tag; 

u2 name_index: 

) 

The items of the CONSTANT_Class Jnfo structure are the following: 
tag 

The tag item has the value CONSTANT_Class (7). 
name Jndex 

The value of the name Jndex item must represent a valid Java class name. The Java class name represe 
by name Jndex must be exactly the same Java class name that is described by the corresponding 
CONSTANT_Class entry in the constant_pool of the original class file. 
CONSTANT_Fieldref, CONSTANT.Methodref, and CONSTANT JnterfaceMethodref 
Fields, methods, and interface methods are represented by similar structures: 
CONSTANT.Fieldreflnfo { 
ul tag; 

u2 classjndex; 
u2 name_sigjndex; 

} 

CONSTANT_Methodreflnfo { 
ul tag; 

u2 classjndex; 
u2 name_sigjndex; 

) 

CONSTANT JnterfaceMethodreflnfo { 
ul tag; 

u2 classjndex; 
u2 name_sigjndex; 

} 

The items of these structures are as follows: 
tag 

the tag item of a CONSTANT jMeldreflnfo structure has the value CONSTANT Jneldref (9). 
The tag item of a CONSTANTJvlethodreflnfo structure has the value CONSTANT Jrfethodref (10). 
The tag item of a CONSTANT JnterfaceMethodreflnfo structure has the value 
CONSTANT JnterfaceMethodref (1 1). 

classsjndex ^ 

The value of the classjndex item must represent a valid Java class or interface name. The name repres 

by classjndex must be exactly the same name that is described by the corresponding 

CONSTANT_Class Jnfo entry in the constant_pool of the original class file. 

name.sigjndex 

The value of the name.sigjndex item must represent a valid Java name and type. The name and type 
represented by name_sigjndex must be exactly the same name and type described by the 
CONSTANT JJameAndType Jnfo entry in the constant_pool structure of the original class file. 



Each class is described by a fixed-length Classlnfo structure. The format of this structure is: 
Classlnfo { 
u2 name Jndex; 
ul maxjield; 
ul max_sfield; 
ul max_method; 
ul maxjnterface; 
u2 superclass; 
u2 access Jlags; 



Class 




Fieldlnfo field[max Jield+max_sfield] ; 
Interfacelnfo interface[maxjnterface); 
Methodlnfo method[max method]; 

) 

The items of the Classlnfo structure are as follows: 
namejndex 

The value of the namejndex item must represent a valid Java class name. The Java class name repn 
by namejndex must be exacdy the same Java class name that is described in the corresponding Clas 
structure of the original class file, 
maxjield 

The value of the maxjield item gives the number of Fieldlnfo (0) structures in the field table that re 
the instance variables, declared by this class or interface type. This value refers to the number of non 
the fields in the card class file. If the class represents an interface the value of maxjield is 0. 
max_sfield 

The value of the max_sfield item gives the number of Fieldlnfo structures in the field table that repn 
the class variables, declared by this class or interface type. This value refers to the number of static t 
fields in the card class file. 
max_method 

The value of the max_method item gives the number of Methodlnfo (0) structures in the method tabl 
maxjnterface 

The value of the maxjnterface item gives the number of direct superinterfaces of this class or interfi 
type. 

superclass 

For a class, the value of the superclass item must represent a valid Java class name. The Java class ns 
represented by superclass must be exactly the same Java class name that is described in the correspoi 
ClassFile structure of the original class file. Neither the superclass nor any of its superclasses may be 
class. 

If the value of superclass is 0\ then this class must represent the class javaJang.Object, the only clas 
interface without a superclass. 

For an interface, the value of superclass must always represent the Java class java.lang.Object 
access JIags 

The value of the access JIags item is a mask of modifiers used with class and interface declarations, 
access Jlags modifiers and their values are the same as the access JIags modifiers in the correspondi 
ClassFile structure of the original class file 
field[] 

Each value in the field table must be a fixed-length Fieldlnfo (0) structure giving a compjete descripl 
a field in the class or interface type. The field table includes only those fields that are declared by thi 
or interface. It does not include items representing fields that are inherited from superclasses or 
superinterfaces. 
interface^ 

Each value in the interface array must represent a valid interface name. The interface name represent 
each entry must be exactly the same interface name that is described in the corresponding interface ai 
the original class file. 
methodQ 

Each value in the method table must be a variable-length Methodlnfo (0) structure giving a complete 
description of and Java Virtual Machine code for a method in the class or interface. 
The Methodlnfo structures represent all methods, both instance methods and, for classes, class (static 
methods, declared by this class or interface type. The method table only includes those methods that . 
explicitly declared by this class. Interfaces have only the single method <clinit>, the interface initiali; 
method. The methods table does not include items representing methods that are inherited from supei 
or superinterfaces. 



1 Or a standard yet fixed value. 
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Fields 

Each field is described by a fixed-length field info structure. The format of this structure is 
Fieldlnfo { 

u2 namejndex; 
u2 signature Jndex; 
u2 access Jlaes; 

I 

The items of the Fieldlnfo structure are as follows: 
namejndex 

The value of the namejndex item must represent a valid Java field name. The Java field name repre 
by namejndex must be exactly the same Java field name that is described in the corresponding field 
structure of the original class file, 
signature Jndex 

The value of the signature Jndex item must represent a valid Java field descriptor. The Java field de? 
represented by signature index must be exactly the same Java field descriptor that is described in the 
corresponding field Jnfo structure of the original class file, 
access Jlags 

The value of the access Jlags item is a mask of modifiers used to describe access permission to and 
properties of a field. The access Jlags modifiers and their values are the same as the access_flags mc 
in the corresponding fieldjnfo structure of the original class file. 

Methods 

Each method is described by a variable-length Methodlnfo structure. The Methodlnfo structure is a 
variable-length structure that contains the Java Virtual Machine instructions and auxiliary informatio 
single Java method, instance initialization method, or class or interface initialization method. The str 
has the following format: 
Methodlnfo { 

u2 namejndex; 

u2 signature Jndex; 

ul max J oca] ; 

ui max_arg; 

ul max_stack; 

ul access Jlags; 

u2 code Jength; 

u2 exception Jength; , 
ul codefcode Jength]; 
{ u2 start_pc; 

u2 end_pc; 

u2 handler_pc; 

u2 catchjype; 
} einfofexception Jength]; 

} 

The items of the Methodlnfo structure are as follows: 
namejndex . 

The value of the namejndex item must represent either one of the special internal method names, eit 
<init> or <clinit>, or a valid Java method name. The Java method name represented by namejndex i 
exactly the same Java method name that is described in the corresponding method Jnfo structure of t 
original class file, 
signature Jndex 

The value of the signature Jndex item must represent a valid Java method descriptor. The Java meth( 
descriptor represented by signature Jndex must be exacdy the same Java method descriptor that is de 
in the corresponding method Jnfo structure of the original class file, 
maxjocal 



The value of the maxjocals item gives the number of local variables used by this method, excluding 
parameters passed to the method on invocation. The index of the first local variable is 0. The greates 
variable index for a one- word value is maxjocals- 1. 
max_arg 

The value of the max_arg item gives the maximum number of arguments to this method. 
max_stack 

The value of the max_stack item gives the maximum number of words on the operand stack at any p« 
during execution of this method, 
access Jlags 

The value of the access_flags item is a mask of modifiers used to describe access permission to and 
properties of a method or instance initialization method. . The access Jlags modifiers and their value 
the same as the access_flags modifiers in the corresponding method Jnfo structure of the original els 
codejength 

The value of the codejength item gives the number of bytes in the code array for this method. The n 
codejength must be greater than zero; the code array must not be empty, 
exception length 

The value of the exception Jength item gives the number of entries in the exceptionjnfo table. 
codeQ 

The code array gives the actual bytes of Java Virtual Machine code that implement the method. Whe 
code array is read into memory on a byte addressable machine, if the first byte of the array is aligned 
byte boundary, the tableswitch and lookupswitch 32-bit offsets will be 4-byte aligned; refer to the 
descriptions of those instructions for more information on the consequences of code array alignment 
The detailed constraints on the contents of the code array are extensive and are the same as describe* 
Java Virtual Machine Specification. 
einfoQ 

Each entry in the einfo array describes one exception handler in the code array. Each einfo entry con 
the following items: 
startjpc, end_pc 

The values of the two items start_pc and end_pc indicate the ranges in the code array at which the e) 
handler is active. 

The value of start_pc must be a valid index into the code array of the opcode of an instruction. The i 
end_pc either must be a valid index into the code array of the opcode of an instruction, or must be e( 
codejength, the length of the code array. The value of start_pc must be less than the value of end_p 
The start_pc is inclusive and end_pc is exclusive; that is, the exception handler must be active while 
program counter is within the interval [start _pc, end_pc]. 
handler_pc 

The value of the handler_pc item indicates the start of the exception handler. The value of the item r 
a valid index into the code array, must be the index of the opcode of an instruction, and must be less 
the value of the codejength item, 
catch Jype 

If the value of the catch jype item is nonzero, it must represent a valid Java class type. The Java cla: 
represented by catch_type must be exacdy the same as the Java class type that is described by the 
catch Jype in the corresponding method Jnfo structure of the original class file. This class must be tl 
Throwable or one of its subclasses. The exception handler will be called only if the thrown exceptioi 
instance of the given class or one of its subclasses. 

If the value of the catch jype item is zero, this exception handler is called for all exceptions. This is 
implement finally. 

Attributes 

Attributes used in the original class file are either eliminated or regrouped for compaction. 
The predefined attributes SourceRle, ConstantValue, Exceptions, LineNumberTable, and Local- 
VariableTable may be eliminated without sacrificing any information required for Java byte code 
interpretation. 
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The predefined attribute Code which contains all the byte codes for a particular method are moved in t 
corresponding Methodlnfo structure. 



Constraints on Java Card Virtual Machine Code 

The Java Card Virtual Machine code for a method, instance initialization method, or class or interface 
initialization method is stored in the array code of the Methodlnfo structure of a card class file. Both tl 
static and the structural constraints on this code array are the same as those described in the Red book, 
Limitations of the Java Card Virtual Machine and Java Card class File Format 
The following limitations in the Java Card Virtual Machine are imposed by this version of the Java Ca 
Virtual Machine specification: 

• The per-card class file constant pool is limited to 65535 entries by the 16-bit const_size field of tl 
" CardClassFile structure (0). This acts as an internal limit on the total complexity of a single card < 

file. This count also includes the entries corresponding to the constant pool of the class hierarchy 
available to the application in the card. 2 

• The amount of code per method is limited to 65535 bytes by the sizes of the indices in the Metho 
structure. 

• The number of local variables in a method is limited to 255 by the size of the max Jocal item of t 
Methodlnfo structure (0). 

• The number of fields of a class is limited to 5 10 by the size of the maxjield and the max_sfield i 
of the Classlnfo structure (0). 

• The number of methods of a class is limited to 255 by the size of the max.method item of the Ch 
structure (0). 

• The size of an operand stack is limited to 255 words by the max_stack field of the Methodlnfo st 



(0). 
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2 A single card class file constant pool has 65535-A entries available, where A corresponds to the nui 
entries in the constant pool of the class hierarchies accessible to the application. 
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APPENDIX B 

String To ID Input And Output 

m/nlS^ 0 '?? ° Perati0n ° f Card ^ U is Vcry important that *« decla «d ^ generated IDs are 

what n """if* ^ " Sh0W " b6,0W ' d6C,ares which ™» of *e namespace can be 

JS5 ZSi^LJT" 8 a ^ gement 0f «« ma V ««" some IDs for internal use by the 
VM ,nte rpreter. and the rest is. allocated to Card JVM applications. 

# 

# String-ID INMap file. 
# 

# tlot ' ™ Available for application use. 

# POOO - FFFE Reserved for Card JVM's internal use. 

constantBase FOOO # the area from F000 to FFFF is reserved for 

# Card JVM's internal use. 

MainApplication J K000 . Mame of the sCartup clagg 

mainMV ! (chan 9 es for each application) 

* * F «01 " Name of the startup method 



java/lang/Object J po02 ****** ^ a *>P licati ° n > 

java/lang/string # F00 3 

<init>()V I 



F004 



<clinit>()V # ^005 



ill 
CI 
tc 

[B 
IS 
# 



# F006 

# F007 

# F008 

# F009 

# F000A 



constantBase FFFO # This area is reserved for simple return types 

# FFF1 

# FFF2 

# FFF3 

# FFF4 

# FFF5 * 

# FFF6 



constantBase 4000 , From here on this space is application depend 

ouVe^ppiicaJoT' P " ** apP ' iCati ° n n0 ,oaded a PP lication is P*™"<* <« 

£^£5^1?^ ^ f ° r Pre,0aded daSS HbrarieS - 1,16 —I— of these IDs 
5 2f m ™ P > generaUon of 1,16 s ^ng to ID output file String-ID OUTMap file This ma. 

STc^SEc" aUgmemed , with Ae new S ^ID bindings. These bindings may be prodded w 



As an example consider the following Java program. HelloSmartCard.java. When compiled it general 
class file HelloSmartCardxlass. This class file has embedded in it strings that represent the class nam 
methods and type information. On the basis of the String-ID INMap described above Card Class Fi!< 
Converter generates a card class file that replaces the strings present in the class file with IDs allocate 
Card Class File Converter. Table 1 lists the strings found in the constant pool of HelloSmartCard.cias 
their respective Card Class File Converter assigned IDs. Note that some strings (like 
"java/lang/Object") have a pre-assigned value (F002) and some strings (like "( ) V) get a nc 
value (4004). 



public class HelloSmartCard { 
public byte aVariable; 

public static void main() { 

HelloSmartCard h = new HelloSmartCard ( ) ; 
h. aVariable = (byte) 13; 

} 



Program : HelloSmartCardjava 



Offset 

(in Constant Pool) 


String 


ID 


Mapped New/ 
Mapped/Old 


0OO0OA 


"Code" 


4000 


New 


000011 


"SourccFile" 


4001 


New 


00001E 


"ConstantValue" 


4002 


New 


00002E 


"Exceptions" 


4003 


New 


00O03B 


"HelloSmanCard" 


FOOO 


Old 


00004C 


"java/lanfj/Object" 


F002 


Old 


000062 


"<init>" 


F004 


Old 


00006E 


"OV" 


4004 


New 


000074 


"aVariable" 


4005 


New 


0OO08A 


"B" 


FFF5 


Old 


00008E 


"HelloSmanCard.java" 


4006 


New 


0000B3 


"main" 


F001 


Old 



Relevant entries of String-ID OUTMap 
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Byte codes supported by the Card JVM in the preferred embodiment 



AALOAD 


AASTORE 


ACONST.NULL 


ALOAD 


ALOAD.O 


ALOAD. 1 


ALOAD_2 


ALOAD.3 


ARETURN 


ARRAYLENGTH 


ASTORE 


ASTORE.O 


ASTORE.l 


ASTORE.2 


ASTORE.3 


ATHROW 


BALOAD 


BASTORE 


CHECKCAST 


DUP 


DUP2 


DUP2_X1 


DUP2_X2 


DUP.X1 


DUP_X2 


GETFIELD 


GETSTATIC 


GOTO 


IADD 


IALOAD 


LAND 


IASTORE 


ICONST.O 


ICONST.l 


ICONST.2 


ICONST.3 


ICONST.4 


ICONST.5 


ICONST.M1 


rorv 


IFEQ 


EFGE 


EFGT 


IFLE 


IFLT 


EFNE 


IFNONNULL 


IFNULL 


IF.ACMPEQ 


IF.ACMPNE 


IFJCMPEQ 


IFJCMPGE 


IFJCMPGT 


IFJCMPLE 


IFJCMPLT 


IFJCMPNE 


HNC 


ILOAD 


ILOAD_0 


ILOAD.l 


ILOAD_2 


ILOAD_3 


IMUL 


INEG 


INSTANCEOF 


INT2BYTE 


INT2CHAR 


INT2SHORT 


INVOKEINTERF/ 


INVOKENONVIRTUAL 


INVOKESTATIC 


INVOKEVIRTUA 


IOR 


IREM 


ERETURN 


ISHL 


ISHR 


ISTORE 


ISTORE_0 


ISTORE_l 


ISTORIs_2 


ISTORE.3 


ISUB 


IUSHR 


KOR 


JSR 


LDC1 


LDC2 


lookupswttch 


NEW 


NEW ARRAY 


NOP 


POP 


POP2 


PUTFIELD 


PUTSTATIC 


RET 


RETURN 


SALOAD 


SASTORE 


SIPUSH 


SWAP 


TABLESWTTCH 


BIPUSH 





Standard Java byte codes numbers for the byte codes supported i 
preferred embodiment 

package util; 



List of actual Java Bytecodes handled by this JVM 

* ref. Lindohlm and Yellin. 
« 

• Copyright (c) 1996 Schlumberger Austin Products Center, 

Schlumberger, Austin, Texas, USA.' 



public interface BytecodeDefn { 

public static final byte j_NOP - (byte)O; 
public static final byte ACONST_NULL = (byte)l; 
public static final byte ICONST Jil = (byte) 2; 
public static final byte ICONST_0 = (byte) 3; 
public static final byte ICONST_l = (byte) 4; 
public static final byte IC0NST_2 = (byte) 5; 
public static final byte IC0NST_3 = (byte) 6; 
public static final byte IC0NST_4 = (byte) 7; 
public static final byte IC0NST_5 = (byte) 8; 
public static final byte BIPUSH = (byte) 16; 
public static final byte SIPUSH = (byte) 17; 
public static final byte LOCI = (byte) 18; 
public static final byte LDC2 = (byte) 19; 
public static final byte ILOAD = (byte) 21; 
public static final byte ALOAD = (byte) 25; 
publac static final byte ILOAD_0 = (byte) 26; 
public static final byte IL0AD_1 = (byte) 27; 
public static final byte ILOAD_2 = (byte) 28; 
public static final byte ILGAD.3 = (byte) 29; 
public static final byte ALOAD_0 = (byte) 42; 
public static final byte ALOAD_l = (byte) 43; 
public static final byte aload__2 = (byte) 44; 
public static final byte AL0AD_3 = (byte) 45; 
public static final byte IAL0AO = (byte) 46; 
public static final byte AALOAD = (byte) 50; 
public static final byte BALOAO = (byte) 51; 
public static final byte CALOAD = (byte) 52; 
public static final byte I STORE = (byte) 54; 
public static final byte ASTORE = (byte) 58; 
public static final byte ISTOREJJ = (byte)59; 
public static final byte IST0RE_1 = (byte)6oi 
public static final byte IST0RE_2 = (byte) 61- 
public static final byte ISTORE_3 = (byte) 62; 
public static final byte ASTORE_0 = (byte) 75; 
public static final byte AST0RE_1 = (byte) 76; 
public static final byte AST0RE_2 = (byte) 77; 
public static final byte ASTORE_3 = (byte) It] 
public static final byte I ASTORE = <byte>79; 
public static final byte AASTORE = (byte) 83; 
public static final byte BASTORE =: (byte) 84 ; 
public static final byte CASTORE = (byte) 85; 
public static final byte POP = (byte) 87- 
public static final byte POP2 = (byte) 88; 
public static final byte DUP = (byte) 89; 
public static final byte DUPju = (byte) 90; 
public static final byte DUP_X2 = (byte)9l!- 
public static final byte DUP2 = (byte) 92; 
public static final byte DUP2_X1 = (byte) 93; 
public static final byte DUP2_X2 = (byte) 94,' 
public static final byte SWAP = (byte) 95; 
public static final byte I ADD = (byte) 96; 
public static final byte ISUB = (byte) 100- 
public static final byte IMUL = (byte) 104!- 
public static final byte IDIV = (byte) 108,' 
public static final byte I REM = (byte) 112!- 



-c- 1. 



public static final byte INEG = (byte) 116; 
public static final byte ISHL = (byte) 120; 
public static final byte ISHR = (byte) 122; 
public static final byte IUSKR = (byte) 124; 
public static final byte I AND = (byte) 126; 
public static final byte IOR * (byte) 128; 
public static final byte IXOR * (byte) 130; 
public static final byte IDJC = (byte) 132; 
public static final byte INT2BYTE = (byte) 145; 
public static final byte INT2CHAR * (byte) 146; 
public static final byte INT2 SHORT = (byte) 147; 
public static final byte IFEQ = (byte) 153; 
public static final byte IFNE = (byte) 154; 
public static final byte IFLT = (byte) 155; 
public static final byte IFGE = (byte) 156; 
public static final byte IFGT = (byte) 157; 
public static final byte IFLE =* (byte) 158; 
public static final byte IF.ICMPEQ = (byte) 159; 
public static final byte IF.ICMPNE = (byte) 160; 
public static final byte IF_ICMPLT = (byte) 161; 
public static final byte IF_ICMPGE = (byte) 162; 
public static final byte IF_ICMPGT = (byte) 163; 
public static final byte IF_ICMPLE = (byte) 164; 
public static final byte IF_ACMPEQ = (byte) 165; 
public static final byte IF_ACMFNE = (byte) 166; 
public static final byte GOTO = (byte) 167; 
public static final byte j_JSR = (byte) 168; 
public static final byte RET = (byte) 169; 
public static final byte TABLESWITCH = (byte) re- 
public static final byte LOOKUPSWITCH = (byte) 171; 
public static final byte I RETURN = (byte) 172; 
public static final byte ARETURN = (byte) 176; 
public static final byte RETURN = (byte) 177; 
public static final byte GETSTATIC = (byte) 178; 
public static final byte PUTSTATIC = (byte) 179; 
public static final byte GETFIELO * (byte) 180; 
public static final byte PUTFIELD = (byte) 181; 
public static final byte INVOKEVTRTUAL = (byte) 182; 
public static final byte INVOKENONVIRTUAL = (byte) 183 
public static final byte INVOKESTATIC = (byte) 184; 
public static final byte INVOKE INTERFACE = (byte) 185; 
public static final byte NEW = (byte) 187; 
public static final byte NEWARRAY = (byte) 188; 
public static final byte ARRAYLENGTH = (byte) 190; 
public static final byte ATHROW = (byte) 191; 
public static final byte CHECKCAST = (byte) 192; 
public static final byte INSTANCEOF = (byte) 193; 
public static final byte IFNULL a (byte)198; 
public static final byte IFNONNULL = (byte) 199; 
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APPENDIX D 



Card Class File Converter byte code conversion process 



* Reprocess code block. 

•/ 
static 
void 

reprocessMethodUMethod* imeth) 

int pc; 
int npc; 
int align; 
bytecode* code; 
int codelen; 
int i; 
int opad; 
int npad; 
int ape; 
int high; 
int low; 



^pStS^J^ t^aSon keePS traCk ° f VaUd JaVa bytGCOdeS — 



r 



code = imeth->external->code; 

codelen = imeth->external->code_length; 

jumpPos = 0; 
align = 0; 

/• Scan for unsupported opcodes */ 

for (pc = 0; pc < codelen; pc = npc) { 
if ( code info ( code (pc J J .valid == 0) { 
^ error < "Unsupported opcode %d-, code(pcj); 

^ npc * nextPC(pc, code) ; 



/• Scan for juap in.tructioas an insert into jump table •/ 

for (pc =0; pc < codelen; pc = npc) ( 
npc = nextPC(pc, code); 

if (codeinfo (code (pc) ) .valid == 3) ( 

^ insertJump(p C +l, pc, (intl6) ( (code [pc+1 ) « 8) |code(pc+2 ! ) ) ; 

else if (codeinfo (code (pc]J .valid == 4) ( 
ape = pc & -4; 

low = <code[apc+8J « 24) | <code(apc+9] « 16) 
h*„H I (c ° d ^ a P c+1 01 « 8) | code(apc + llJ; 
high = code(apc+12) « 24) | (code[apc+13] « 16) 
p ,. I <code(apc+14] « 8) | code(apc*15] ; 
for (i = 0; i < high-low*l; i!+) ( 

insertJump(apc<Mi*4)*l8, pc, 
} (intl6)((code(apc+(i*4)+181 « 8) | code[apc*UM) *19]> ) ; 

^ insertJump(apc + 6, pc, ( intl6) ( (code (apc+6 ) « 8) | code(apc+7] ) ) ; 

else if (codeinfo(code(pc)) .valid == 5) ( 
ape = pc & -4; 

low = <code[apc*8] « 24) | (code(apc*9) « 16) 

I (code(apc*10] « 8) | code(apc^ll) ; 
cor (l = 0; i < low; i++) ( 

insertJump(apc+(i*8)+18, pc, 
) (intl6)((code(apc*(i*8>*18] « 8) | code (ape* ( i*8> + 19 ))) ; 

^ insertJump(apc*6, pc, (intl6) ( <code(apc*6J « 8) | code(apc+7 ) ) ) ; 

) 



fUfdef TRANSLATE BYTECODE 

eor*^^* Speci£lc to geaeral ona. 

/. , PC < cod elen; pc = npc) { 

t This is a translation code •/ 

it ( codeinf o { code ( pc]]. valid == 2) { 

switch (code(pcj) { 

case ILOAD_0: 

case ILOAoIl: 

case ILOA0I2: 

case IL0AD_3: 

insertSpace(code, &codelen, pc 1) • 
align i; 

code(pc*l] = codefpc) - I LOAD 0; 

codefpoO] = ILOAD; 

break; 

case ALOAD_0: 
case ALOAD^l: 
case ALOAD~2 : 
case ALOAD~3 : 

insertSpacefcode, icodelen, pc, 1) ; 
align 1; 

codefpol] * code (pc) - ALOAD 0; 

COde[pc*0] = ALOAD; 

break; 

case ISTORE_0: 
case ISTOREZl: 
case ISTOREI2: 
case ISTORE_3 : 

insertSpac"e<code, fccodelen, pc, 1); 
augn ♦= 1 ; 

codefpc+l] = code(pc) - ISTORE 0; 

code(pc*0] = ISTORE; 

break; 

case ASTORE_0 : 
case ASTORE_l : 
case ASTORE_2: 
case AST0RE_3 : 

insertSpace(code, icodelen, pc, 1) • 
align l ; " ' ' ' 

codejpc+l] = codefpc] - ASTORE Op- 
code tpc+0] s ASTORE; 
break; 

case IC0NST_M1; 

insertSpac*e<code, icodelen. pc 2) - 

align +=2; ' 

code(pc*2] = 2 55; 

code(pc+l) = 255; 

codelpc+0| = SIPUSH; 

break; 

case ICONST_0: 
case ICONStIi: 
case IC0NST_2: 
case ICONSTI3 : 
case IC0NST_4: 
case ICONST_5: 

insertSpacelcode, tcodelen, pc, 2)- 
align 2 ; 

: " de(pc) - ICONST - 0; 

codefpc*0] =1 SIPUSH; 
break; 

case LDC1: 

insertSpace(code. icodelen, pc, 1) ; 
align ♦= l ; H ' 1 ' 

code(pc+l] = 0; 
code(pc+0] = LDC2; 
break ; 



case SIPUSH: 

insertSpace(code, icodelen. pc. 1); 
align 1; 

if ( (int8 ) code (pc>2] >= 0) ( 
code|pc+ll = 0; 

) 

else { 

^ code(pc*ll = 255; 

code{pc+0] = SIPUSH; 
break; 

case INT2 SHORT: 

removeSpace(code. &codelen, pc, 1); 
align -s 1 ; 
npc = pc- 
continue; 

) 

) 

Gl /* s3itch^ i ^° CC ?f e(P S ,3 ' Val i d == 4 " ccdeinfo(code[pc]). valid 5) ( 

* 1 al i gned to 4 boundaries. Since we are inserting and 

* £hSoL^ eC ° 6S ' th i 3 , mdy Change Che a li9nment of switch instructions. 
^Therefore, we must readjust the padding in switches to compensate. 

noad - \1 " !! (PC ^ > ." ali9Tl) % 4,1 % 4; /# current switch padding •/ 

^wVo^srt' % 4)) % 4; New switch padding 

laser tSpace (code, icodelen, pc+1, npad - opad) ; 
^ align ♦= {npad - opad) ; 

else if (npad < opad) { 

removeSpace(code, &codelen, pc*l, opad - npad) ; 
^ align - = (opad * npad) ; 



) 



) 

Sendif 



npc = nextPC(pc, code); 



/* Relink constants */ 

for (pc =0; pc < codelen; pc = npc) ( 
npc s nextPC(pc, code); 

i = (uintlS) ( (code(pc+l) « 8) + code[pc+2]) ; 

switch ( code ( pc)) { 
case LDC2: 

/• »i» s S general index •/ 
switch (cltem(i) . type) ( 
case CONSTANT^Integer: 
i * cltem(i) .v. tint; 
code(pc) s SIPUSH; 
break; 

case CONSTANT'S tring: 
i = buildStringlndex(i) ; 
break; 

default: 

break • < " UnSUPP ° rted loading of con stant type-); 

) 

break ; 

case NEW: 

case INSTANCEOF: 

case CHECKCAST: 

/* *i' sa class index */ 

i = buildClassIndex(i) ; 

break; 

case GETFIELD: 
case PUTFIELO: 

/• "f == field index •/ 



/* i = bu ildFie Ids ignacure Index ( i) ; •/ 
i = buildStaticFieldSignaturelndex(i) ; 
break; 

case GET STATIC: 
case PUTSTATIC: 

/• 'i' =* field index •/ 

i = buildStaticFieldSignaturelndex(i) ; 

break; 1 

case INVOKEVTRTUAL: 
case INVOKENONVTRTUAL : 
case INVOKESTATIC: 
case INVOKEINTERFACE: 

/* 'i' =s method signature index */ 

i » buildSignaturelndexU) ; 

break; 



/* Insert application constant reference V 
code(pc*lJ = (i » 8) & OxFF; 
code[pc+2) = i & OxFF; 



tifdef MODIFY_BYTECODE 
/• Translate codas •/ 

for (pc = 0; pc < codelen; pc = npc) { 
npc * nextPC(pc, code) ; 

code(pc] = codeinfo (code (pc) ] .translation; 

) 

# end if 



/• Ralink jumps .•/ 

for (i « 0; i < jumpPos; i*+) ( 
ape a jumpTable(i) .at; 
pc ■ jumpTable(i) . from; 
npc = jumpTable(i] . to - pc; 

code(apc+0] = (npc » 8) & OxFF; 
code(apc+l] = npc & OxFF; 

> 

/• Fixup length V 

imeth->external->code_length = codelen; 
imeth->esize = (SI2E0FMETH0D + codelen + 3) & 



) 
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Example Loading And Execution Control Program 

public class Bootstrap { 

// Constants used throughout the program 
static final byte BUFFER_LENGTH 
static final byte ACK_SIZE 
static final byte ACK_CODE 
static final byte OS_HEADER_SIZE 
static final byte GPOS_CREATE_FILE 

static final byte ST_INVALID_CLASS 
static final byte ST_INVALID_PARAMETER 
static final byte ST_INS_NOT_SUPPORTED 
static final byte ST_SUCCESS 



static final byte ISO_COMHAND_LENGTH 
static final byte I SO_READ_B INARY 
static final byte ISO_UPOATE_B INARY 
static final byte ISO_INIT_APPLICATION 
static final byte I SO_VERI FY_KEY 
static final byte ISO_SELECT_FILE 

static final byte ISO_CLASS 
static final byte ISO _JVPP_CLASS 



32; 

(byte)l; 
(byte)O; 
(byte) 0x10; 
(byte)OxEO; 

(byte)OxCO 
(byte)OxAO 
(byte)OxBO 
(byte) 0x00 

(byte) 5 ; 
(byte)OxBO 
(byte) 0xO6 
(byte)0xF2 
(byte) 0x2 A 
(byte) 0xA4 

(byte)OxCO; 
(byte)OxFO; 



public static void main ( ) { 

byte pbuffer[) = new byte ( ISO_COMMAND_LENGTH ) ; 

byte dbufferCJ = new byte t BUFFER_LENGTH ) ; 

byte acxByteO = new byte[ACK_SIZE] ; 

//short fileld; 

short offset; 

byte bReturnStatus; 

// Initialize Communications 
_OS.SendATR() ; 



do ( 



// Retrieve the command header 

_OS.GetMessage(pbuf fer, ISO_COMMAND_LENGTH, ACK_CODE) ; 

// Verify class of the message - Only ISO ♦ Application 
if ((pbuffer(O) 1= ISO_APP_CLASS) 
&& (pbuffer(0] != ISO_CLASS) ) { 
^ _OS. Sends ta tus (ST_INVALID_CLASS) ; 

else { 

//go through the switch 

// Send the acknowledge code 

// Verify if data length too large 
if (pbuffer(4) > BUFFER_LENGTH> { 

bReturnStatus = ST_INVALID PARAMETER; 

) 

else 



{ 



switch (pbuffer(l)) ( 
case ISO_SELECT_FILE: 

//we always assume that length is 2 

if (pbuffer(4] 2) ( 

bReturnStatus = ST_INVALI D_PARAMETER ; 

) 

else 
{ 

// get the f ileId(of f set) in the data buffer 
_OS.GetMessage(dbuf fer. (byte)2, pbuffer(l)); 
// cast dbuf fer(0. .11 into a short 



offset = (short) 1 ((dbuffer(O) « 8) | (dbuffer (11 & OxOOFF) ) 
bReturnStatus = _OS. SelectFile (offset ) ; uxqoff) ) 



break; 

case ISO_VERIFY_KEY: 

// Get the Key from the terminal 

.OS. GetMessage (dbuffer. pbuf fer (4), pbufferdl); 

bReturnStatus = -OS. VerifyKey (pbuf fer(3) , 

dbuffer, 

break; Pbuffer(4J>; 

case ISO_INITJU>PLICATION: 

'LJ^ 1 * send the id of a va lid program file 
OS. GetKessage (dbuffer. (byte)l, pbufferdl); 

omST 6 ? " 1 ^ d <°" s «» from pbuf fer (2.. 31 via casting 

b^?urnS t a^ r r_ OS P ^ e | offs < e r ' <P*"«»1 * 0-W 

break; dbuffer (0 J); 

case GPOS_CREATE_FILE : 

if (pbuf fer (4] != OS_HEADER_SIZE) { 

bReturnStatus = ST_INVALID PARAMETER; 
break; 

) 

// Receive The data 

b*> -OS.GetMessage(dbuffer. pbuffer[4], pbufferdl ); 

Q brea^ rnStatUS * - 0S ' Creat eFile (dbuffer ) ; 

R case ISO^UPDATEJINARY: 

[ft 7 QSJ2tttMaMage(dbuffer, pbuf fer (4], pbufferdl); 

M orfs^T e £f f?^ P^"er(2. .3] P via citing 

M HLmei t^^. f" 1 ? 1 ~ 8) I <Pbuffer(3] 6 OxOOFF) , , 

W assumes that a file is already selected 

• g bReturnStatus = _OS.WriteBinaryFile (offset. 

Q pbuf fer (4), 

7 break; dbuffer,; 

« case I SO_READ_B INARY : 

' ^*^ Ut ? ° ffse * from pbuf f erC 2.. 3) via casting 

O // assumei 5 ^^ ^^"""l « *> I <Pbuffer(3] .OxOOFF),; 

«i assumes that a file is already selected 

IV bReturnStatus * _OS.ReadBinaryFile (offset, 

m Pbuf fer (4 1, 

O // Send the data if successful 

Li ackByte(O) = pbufferdl; , 

? If (bReturnStatus == ST_SUCCESS, ( 

_OS.SendMessage(ackIyte, ACK_SIZE) ; 

-OS. SendMessage (dbuffer. pbuffer(4)) ; 

break; 
default: 

bRetumstatus = ST_INS_NOT_SUPPORTED ; 



) 



} 



^ -OS.SenctStatus (bRetumstatus) ; 

) 

while (true); 
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APPENDIX F 

Methods For Accessing Card Operating System Capabilities 
The Preferred Embodiment 



public class _0S { 

static native byte 
static native byte 
static native byte 
static native byte 

static native byte 
static native byte 



SelectFile 
SelectParent 
SeiectCD 
SelectRoot 

CreateFile 
DeleteFile 



// General File Manipulation 
static native byte ResetFile 
static native byte ReadByte 
static native short ReadWord 



// Header Manipulation 
static native byte 

// Binary File support 
static native byte 

static native byte 



// Record File support 
static native byte 

static native byte 
static native byte 



GetFilelnfo 



ReadBinaryFile 



WriteBinaryFile 



SelectRecord 

NextRecord 
PreviousRecord 



(short file_id) ; 

0 j 
0 

o 

(byte file_hdr[)); 

(short file_id) ; 



0; 

(byte offset) ; 
(byte offset) ; 



(byte file_hdr[]) 



(short offset, 

byte data_length. 

byte bufferU); 

(short offset, 

byte data_l eng th , 

byte bufferU); 



(byte 
byte 

0; 
0; 



record_nb, 
mode) ; 



static native byte 



static native byte 



ReadRecord 



WriteRecord 



(byte record_data ( ] , 

byte record_nb, 

byte offset, 

byte length) ; 

(byte buffer U , 

byte record_nb, 

byte offset, 

byte length) ; 



// Cyclic File Support 
static native byte 

// Messaging Functions 
static native byte 



static native byte 

static native byte 

// Identity Management 
static native byte 
static native byte 

static native byte 

static native byte 



Las tUpda tedRec 

GetMessage 

SendMessage 
SetSpeed 



CheckAccess 
VerifyKey 



VerifyCHV 
ModifyCHV 



0; 



(byte 
byte 
byte 

(byte 
byte 

(byte 



(byte 

(byte 
byte 
byte 

(byte 
byte 
byte 

(byte 
byte 
byte 



buffer (3 , 
expected_length, 
acfc_code) ; 
bufferU, 
data_length) ; 
speed) ; 



ac_action) ; 

key_number , 

keyjbuf fer ( ] , 

key_length) ; 
CHV_number , 
CHV_buffer{] , 
unblock_f lag) ; 
CHV_number , 
old_CHV_buffer(} , 
new_CHV_buffer( J , 



static native byte 
static native byte 

static native byte 
static native byte 

static native byte 
static native byte 



GetFileStatus 
SetFileStatus 



byte 
() ; 
(byte 



unblock. 



Lag) ; 



GrantSupervisorMode ( ) ; 
RevokeSupervisorMode ( ) ; 



SetFileACL 
GetFileACL 



// File context manipulation 
static native void InitFileStatus 
static native void BackupFileStatus 
static native void RestoreFileStatus 

// Utilities 



static 


native 


byte 


CompareBuf fer 


static 
static 
static 
static 


native 
native 
native 
native 


short 
void 
byte 
byte 


Avai labl eMemory 
ResetCard 
SendATR 
SetDefaultATR 


static 


native 


byte 


Execute 



(byte 
{byte 



(byte 
byte 
byte 

(); 

(byte 

0; 

(byte 
byte 

( short 
byte 



// Global state variable 
static native byte 
static native byte 
static native short 
static native byte 
static native byte 
static native short 
static native void 



functions 
Getldentity 
GetRecordNb 
GetApplicationld 
GetRecordLength 
GetFileType 
GetFileLength 
Sends tatus 



f ile_status) ; 



file_acl(] ) , 
file_acl(] ) , 



pattern_length, 
buffers [] , 
buffered J ; 

mode) ; 

bufferU, 
length) ; 
file_id, 
flag) ; 



0 
() 
() 
0 

() 

0 

(byte status) ; 



I ■ 
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APPENDIX G 

Byte Code Attributes Tables 

Dividing Java byte codes into type groups 

Each bytecode is assigned a 5 bit type associated with it. This is used to group the codes into similarly t 
sett, n general this behaviour reflects how the types of byte codes operate on the stack, but types 0, 13, 
reflect specific kinds of instructions as denoted in the comments section. 

The table below illustrates the state of the stack before and after each type of instruction is executed. 



Type Before execution 



After exececution Comment 



0 
1 
2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 



stkO==int stkl==int 
stkO==int 

stkO==int stkl==int 
push(l) 

stkO==int stkl==int 

stkO==int 

stkO==ref 

stkO==int 

push(l) 

push(l) 

stk0==ref 



Pop(l) 
pop(l) 
pop (2) 



pop (3) 

pop(l) 

pop(l) 

pop(l) 

stk0<-int 

stk0<-ref 

stk0<-int 



stk0<-ref 



Illegal instructs 



DUPs, SWAP ins true 
INVOKE instructior 
FIELDS instructior 



Using Standard Java Byte Code (without reordering) - Attribute Lookup Table 

/* 

* Table of bycecode decode information. This contains a bytecode type 

* and a bytecode length. We currently support all standard bytecodes 

* (ie. no quicks) which gives us codes 0 to 201 (202 codes in all) . 
•/ 



#define T_ 


0 


#def ine T3 


1 


#defineT6 


2 


#def ine Tl 


3 


frdef ine T2 


4 


#def ine T7 


5 


8def ine T9 


6 


#def ine T8 


7 


#def ine T12 


8 


#def ine T10 


9 


^define TS 


10 


#def ine Til 


11 


#define T16 


12 


ftdef ine T4 


13 


»defineT13 


14 


ftdef ine T14 


15 


frdef ine T15 


16 



^define D(T, L) 

#def ine _BUILD_IT YPE _^AND_ I LENGT H ( T , L) 
#def ine _BUILD_ITYPE(T) 
#def ine _BUILD_ILENGTH<L) 
#de f ine _GET_ITYPE ( I ) 
#def ine _G ET_I LENGTH ( I ) 



_BUILD_ITYPE_AND_ILENGTH(T, L) 
(_BUILD_ITYPE<T) | _BUILD_I LENGTH (L) ) 
UT) « 3) 
(h) 

((I) & 0xF8) 
({I) & 0x07) 



const uint8 _SCODE _decodeinf o(2561 = { 



D( T4 


, 1 >. 


/* 


NOP 


*/ 


D( Til 


. 1 ), 


/• 


ACONST_NULL 


•/ 


D( T10 


, 1 ). 


/* 


XCONST_Ml 


*/ 


D( T10 


. 1 ), 


/* 


ICONST_0 


*/ 


D( T10 


, 1 ), 


/• 


ICONST_l 


*/ 


D( T10 


, 1 ), 


/• 


XCGNST_2 


*/ 


D( T10 


, 1 ), 


/* 


ICONST_3 


*/ 


D(. T10 


, 1 ), 


/* 


ICONST_4 


V 


D( T10 


. 1 ). 


/* 


ICONST_5 


•/ 


D( T_ 


, 1 >, 








D( T_ 


, 1 >. 








D( T_ 


, 1 >. 








D( T_ 


. 1 ). 








D( T_ 


, 1 ). 








D{ T_ 


. 1 ). 








D( T_ 


, 1 ). 








D( T10 


• 2 ), 


/* 


BIPUSH 


*/ 


D( T10 


, 3 ), 


/• 


SIPUSH 


•/ 


D( T_ 


, 2 >, 


/• 


LDC1 


V 


D( Til 


p 3 ), 


/* 


LDC2 


*/ 


D( T_ 


, 3 ), 








D( T5 


. 2 ), 


/* 


ILOAD 


V 


D< T_ 


, 2 ). 








D( T_ 
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NEW 

NEWARRAY 
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/* ATHROW */ 

/* CHECKCAST */ 

/* INSTANCE OF */ 
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/* IFNONNULL */ 
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APPENDIX H 



Checks Done On Java Byte Codes By Type 



Decoding the instruction. This gives us the length to generate the next PC, and the instruction type: 

pcargl = J3Err_ILENGTH(_decodeinfo(insn} ) ; 
itype = _(OT_ITYPE(_decodeinfo(insn]) ; 

Implement some pre-execution checks based on this: 

/* Check the input stack state based on the instuction type V 
xf (itype <= ITYPE9) { 

if (itype <= ITYPE1) { 

check__stack_int ( 1 ) ; 

) 

check_s tack_int ( 0 ) ; 

) 

else if (itype <= ITYPE12) { 
check_stack_ref (0) ; 

} 

else if (itype < ITYPE11) { 
push(l) ; 

} 

Finally, implement some post execution checks: 

/* Set the output state */ 
if (itype <= ITYPE8) { 

if (itype <= ITYPE6) { 

if (itype >= ITYPE6) ( 
pop(l); 

> 

pop(l) ; 

> 

POP(I) ; 

} 

else if (itype <= ITYPE10) { 
set_stack_int(0) ; 

) 

else if (itype >= ITYPE11 && itype <= ITYPE16) { * 
set_stack_ref (0) ; 

) 
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APPENDIX I 

Checks Done On Renumbered Java Byte Codes 



Get the instruction. The numeric value of the instruction implicitly contains the instruction type: 
insn = getpc(-l) ; 



Implement some pre-execution checks based on this: 
/* 

Check input stack state. By renumbering the byte codes we can 
perform the necessary security checks by testing if the value of. the 
*^byte code (and hence the byte code) belongs to the correct group 

if (insn <= TYPE9_END) { 
if (insn <= TYPE1_END) ( 
check_stack_int(l) ; 

} 

check_stack_int (0 ) ; 

) 

else if (insn <= TYPE12_END> { 
check_stack_ref (0) 

> 

else if (insn <= TYPE11_END) ( 
push(l) 

} 



Finally, implement some post execution checks: 



* Set output stack state. 
V 

if (insn <= TYPE8_END) { 
if (insn <= TYPE6_END) { 
if (insn >=. TYPE 6 _S TART) { 
pop(l) ; 

} 

POp(l) ; 

) 

POp(l) ; 

) 

else if (insn <= TYPE10_END) ( 
set_stack_int(0) ; 

> 

else if (insn >= TYPE1 1_START insn <= TYPE16_END> { 
set_stack_ref (0) ; 

> 
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Reordering of supported Java byte codes by type 

/* TYPE 3 */ 



tdefine s_POP2 o 

fldefine s_IF_ICMPEQ l 

Sdefine s_IF_ICMPNE 2 

ft define s_IF_ICMPLT 3 

frdefine s_IF_ICMPGE 4 

S define s_IF_ICMPGT 5 

♦define s_IF_ICMPLE 6 

Sdefine s_IF_ACMPEQ 7 

♦define s_IF_ACMPNE . 3 

/• TYPE 6 */ 

* define TYPE6_START 9 

♦define s_SASTORE 9 

#define s^AASTORE io 

♦define s_8ASTORE 11 

♦define TYPE6_END 12 
/• TYPE 1 */ 

#define s_IADD 13 

#define s_ISUB 14 

#de£ine s_IMUL 15 

♦define s_IDIV 16 

#define s_IREM 17 

#define s_ISHL is 

♦define s_ISHR 19 

#define s_IUSHR 20 

#define s_IAND 21 

♦define s_IOR 22 

♦define s_IXOR 23 

♦define TYPE1_END 23 

/• TYPE 2 •/ 

#define s_ISTORE 24 

♦define s_POP 25 

♦define s_IFEQ 26 

♦define s_IFNE 27 

#define s_IFLT 28 

#define s_IFGE 29 

♦define s_IFGT 30 

♦define s_IFLE 31 

#define s_TABLESWITCH 32 

♦define s_LOOKUPSWITCH 33 

♦define s_IRETURN 34 

/• TYPE 7 •/ 

#define s_SALOAD 35 

♦define s_AALOAD 36 

♦define s_BALOAD 37 

/* TYPE 9 •/ 

♦define s_INEG 39 

#define s_INT2BYTE 40 

♦define s_INT2CHAR ' 41 

♦define TYPE9_END 41 

/* TYPE 8 •/ 

idefine s^ASTORE 42 

♦define s_ARETURN 43 



ftdefine s_ATHROW 
ftdefine i»- inroLL wlT T 




/* TYPE 12 */ 

ftdefine s_ARRAYLENGTH 47* 
ftdefine s_INSTANCEOF 48" 

ftdefine TYPE12_END 

/* TYPE 10 •/ 

ftdefine s.SIPUSH 

ftdefine TYPE10_END 

/* TYPE 5 */ 

ftdefine s_ILOAD 
#define s^ALOAD 

/* TYPE 11 V 

ftdefine TYPE1 1 _START 

ftdefine s_ACONST_NULL 
ftdefine s_LDC2 
ftdefine s_JSR 
ftdefine s_JJEW 

ftdefine TYPE11_END 
/* TYPE 16 •/ 

ftdefine s_tfEWARRAY 
ftdefine s_CHECKCAST 

#define TYPE16_END 

/* TYPE 13 */ 

ftdefine s_DUP 
ftdefine s_DUP_Xl 
ftdefine s_DUP_X2 
ftdefine s_DUP2 
ftdefine s_DUP2_JCl 
ftdefine s_DUP2_X2 
#define s_SWAP 

/♦ TYPE 14 *./ 
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ftdefine s_INVOKEVIRTUAL 65 

ftdefine s_INVOKENONVIRTUAL 66 

ftdefine s_INVOKESTATIC 67 

ftdefine s_INVOKE INTERFACE 68 

/* TYPE 15 */ 



/* 01000001 
/* 01000010 
/* 01000011 
/* 01000100 



ftdefine s_GETSTATIC 
ftdefine s_PUTSTATIC 
ftdefine s_GETFIELD 
ftdefine s_PUTFIELD 

/• TYPE 4 */ 

ftdefine sJtfOP 
ftdefine S_IINC 
ftdefine s_GOTO 
ftdefine s_RET 
ftdefine s_RETURN 
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